Ouvertes

OAuth 2.0 and the Road to Hell. They say the road to hell is paved with good intentions.

Well, that’s OAuth 2.0. Last month I reached the painful conclusion that I can no longer be associated with the OAuth 2.0 standard. I resigned my role as lead author and editor, withdraw my name from the specification, and left the working group. Removing my name from a document I have painstakingly labored over for three years and over two dozen drafts was not easy.
Labs/Weave/Identity/Account Manager. The Account Manager project aims to produce: A protocol definition that sites can use to define their account-and-session management features in a format a web browser can understand.

OpenID Foundation website. OpenID Connect. I’ve been thinking about how we make OpenID both easier and sexier for quite a while now.

As frustrating as the answer may be to technologists, the problem is not necessarily one that can be solved with more technology. Instead, at some point, you have to move beyond the original constituents of a solution and start to package up the thing in a way that is less alienating, and less “insider baseball”. “OpenID Connect”, therefore, is what I’m starting to use in casual conversation as my answer to Twitter and Facebook Connect.
OpenID + Email Aliasing = Less Spam.

On Friday, David Recordon, one of the original authors of OpenID, released a single-page specification for OpenID Connect, a concept that I outlined on this blog in January before I joined Google. I’m particularly excited about this early proposal because it builds on all the great progress that the community has made recently on a litany of technologies, including OAuth 2.0 and the link-based resource descriptor format (LRDD) and its emerging JSON-based variant (JRD).